VYPR

YAML Syck

by Cpan Authors

CVEs (3)

  • CVE-2026-5089 | High | May 12, 2026
    risk 0.40 | cvss 7.3 | epss 0.00

    YAML::Syck versions before 1.38 for Perl have an out-of-bounds read. The base60 (sexagesimal) parsing code in perl_syck.h has a buffer underflow bug in both the int#base60 and float#base60 handlers. When processing the leftmost segment of a colon-separated value (e.g., the 1 in…

  • CVE-2026-4177 | Mar 16, 2026
    risk 0.00 | cvss | epss 0.01

    YAML::Syck versions through 1.36 for Perl have several potential security vulnerabilities, including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the…

  • CVE-2025-11683 | Oct 16, 2025
    risk 0.00 | cvss | epss 0.00

    YAML::Syck versions before 1.36 for Perl have missing null-terminators, which cause an out-of-bounds read and potential information disclosure. Missing null terminators in token.c lead to an out-of-bounds read, which allows an adjacent variable to be read. The issue is seen with complex…